PT-2026-57680 · Apache · Apache Gravitino

Darpan Patel

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-49876

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino.
This issue affects Apache Gravitino: from 1.0.0 through 1.2.1.
Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49876

Affected Products

Apache Gravitino